A gaping flaw has been discovered in the HDFC Bank database which could have given an attacker complete access to the private data belonging to millions of the bank’s customers. The vulnerability was due to an oversight in the MSSQL database that the Bank had deployed. Using this flaw the Bank’s various databases can be accessed and dumped (backed up) by any routine hacker.
The flaw has exposed the data of millions of customers to a heavy risk and is not something you would expect from a bank of HDFC’s stature.The Housing Development Finance Corporation Limited (HDFC) was amongst the first to receive an ‘in principle’ approval from the Reserve Bank of India (RBI) to set up a bank in the private sector, as part of the RBI’s liberalization of the Indian Banking Industry in 1994.
The really curious aspect of the whole fiasco is that a company called zSecure had already found out the vulnerability some months earlier and notified the Bank. Even after their vulnerability check, the flaw remained undiscovered. It was found out and fixed recently by the bank.
Lately, there are many hacking stories is reported by us like National Security Guard’s website being hacked, Numerous major corporations’ websites and networks have been hacked by wave after wave of hackers and hacking groups. The further we advance into things like cloud computing, the greater is the need for better security systems to be put into place.
As we step into a more ‘Digital Age’, a strong security policy is all that can keep of our data intact and protected from any harm.
By: Denzil Lewis